[
https://issues.apache.org/jira/browse/OAK-6356?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16053953#comment-16053953
]
Alex Deparvu commented on OAK-6356:
-----------------------------------
[~anchela] started work on this branch [0] please take a look!
* I have added OR variants to existing tests that cover the composite package.
* Not sure how to enable the OR version via config, would appreciate a hand here
* found 2 interesting items in the {{CompositeTreePermission}}, but those are
not relevant to this patch, at least I don't think they are: {{canReadAll}}
always returns false and second is {{canReadProperties}} does not seem to use a
composite aggregation of existing treePermissions.
* had to locally bump a few OSGi export versions, not exactly sure why
(probably unrelated to the patch)
[0] https://github.com/apache/jackrabbit-oak/compare/trunk...stillalex:oak-6356
> Allow CompositePermissionProvider to OR entries
> -----------------------------------------------
>
> Key: OAK-6356
> URL: https://issues.apache.org/jira/browse/OAK-6356
> Project: Jackrabbit Oak
> Issue Type: Improvement
> Components: core, security
> Reporter: Alex Deparvu
> Assignee: Alex Deparvu
>
> Currently the {{CompositePermissionProvider}} ANDs the entries and if any of
> those denies a check, all the chain will fail early. I'd like to extend this
> mechanism to 'OR' items if needed.
> A first application of this ORing could be the multiplexed permission store
> where the default store could deny a check but a mount could allow it, so it
> could be seen as valid.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
